A Set of Classified MQ-9 Reaper Drawings and Documentation for Sale Online for Only $150


Photo: recordedfuture.com

July 13, 2018

USA — July 13, 2018

On June 1, 2018, while monitoring criminal actor activities on the deep and dark web, a team of veteran threat researchers and data scientists called the Insikt Group (the word “insikt” is Swedish for insight) identified an attempted sale of what they claim is a series of highly sensitive U.S. Air Force documents, reports Andrei Barysevich in Recorded Future’s blog.

An English-speaking hacker claimed to have gained access to export-controlled documents pertaining to the MQ-9 Reaper unmanned aerial vehicle (UAV). Insikt analysts engaged the hacker and confirmed the validity of the compromised documents. Researchers say that they identified the name and country of residence of an actor associated with a group believed to be responsible for this breach.

According to the “Analysis of the Fiscal Year 2012 Pentagon Spending Request,” the Reaper UAV program cost a total of $11.8 billion U.S. dollars, with hundreds of UAVs built.

The Group’s specialists identified a newly registered member of a hacking forum attempting to sell highly sensitive documents about the U.S. military MQ-9 Reaper drone.

Manufactured by General Atomics, the MQ-9 Reaper is regarded as one of the most advanced and lethal military technologies to be commissioned in the past two decades. According to open sources, the Reaper was first introduced in 2001 and is currently used by the U.S. Air Force, the U.S. Navy, the CIA, U.S. Customs and Border Protection, NASA, and the militaries of several other countries, including Australia, the Dominican Republic, France, Germany, Italy, the Netherlands, Spain, the United Kingdom, India, and Belgium.

Following the first incident, the threat actor acknowledged another breach involving a large number of military documents from an unidentified officer.

Insikt Group analysts learned that the attacker used a widely known tactic: gaining access to vulnerable Netgear routers whose FTP login credentials had been improperly set up.

In the weeks following the initial advertisement, Insikt Group analysts established and maintained direct contact with the hacker, learning that a previously disclosed FTP vulnerability in Netgear routers was exploited to gain access.

The hacker used the popular Shodan search engine, which allows users to search for unsecured internet-connected devices. Using Shodan, the actors scanned large segments of the internet for high-profile misconfigured routers exposing FTP on the standard port 21, then took all valuable documents from the compromised machines.

Using the above-mentioned method and the FTP password, the hacker first infiltrated the computer of a captain at the 432d Aircraft Maintenance Squadron (Reaper AMU OIC), stationed at Creech AFB in Nevada, and stole a cache of sensitive documents, including Reaper maintenance course books, the list of airmen assigned to the Reaper AMU, and the captain’s certificate of completion for Cyber Awareness Challenge training.

While such course books are not classified materials on their own, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircraft in the U.S. inventory.

Creech Air Force Base is a United States Air Force (USAF) command and control facility in Clark County, Nevada used "to engage in daily Overseas Contingency Operations…of remotely piloted aircraft systems which fly missions across the globe." In addition to an airport, the military installation has the Unmanned Aerial Vehicle Battlelab, associated aerial warfare ground equipment, and unmanned aerial vehicles of the type used in Afghanistan and Iraq.

Following his advertisement for the Reaper drone documents, the threat actor put yet another set of military documents up for sale. This time the source was never disclosed. However, judging by the content, they appear to have been stolen from the Pentagon or from a U.S. Army official. More than a dozen various training manuals describe improvised explosive device defeat tactics including convoy risk mitigation procedures, an M1 ABRAMS tank operation manual, a crewman training and survival manual, and tank platoon tactics. As with the previous documents, none represent classified materials, although most can be distributed to U.S. government agencies and their contractors only.

During the Insikt Group analyst’s engagement with the actor, he professed that on days he was not hunting for his next victim, he entertained himself by watching sensitive live footage from border surveillance cameras and airplanes. The actor even bragged about accessing footage from an MQ-1 Predator flying over Choctawhatchee Bay in the Gulf of Mexico.

In early 2016, several security researchers publicly announced that Netgear routers with remote data access capabilities were susceptible to malicious attacks if the default FTP authentication credentials were not updated. Despite it being two years since the vulnerability was first acknowledged, the problem remains widespread. Recorded Future reported that they identified more than 4,000 routers susceptible to the attack.

As WikiLeaks earlier revealed, U.S. operatives actively develop and deploy vulnerabilities in Wi-Fi routers and other network hardware as well. Now former CIA software engineer Joshua Schulte is facing charges over what has been described as the largest information leak in the agency's history. Intelligence officials told The Washington Post that the “Vault 7” leak was “one of the most significant and potentially damaging leaks in the CIA’s history, exposing secret cyber weapons and spying techniques that might be used against the United States.”

It is not uncommon to uncover sensitive data like personally identifiable information (PII), login credentials, financial information, and medical records being offered for sale on the dark web. However, it is incredibly rare for criminal hackers to steal and then attempt to sell military documents on an open market.

A public affairs officer told reporters that he had not heard about the breach before receiving their calls on Tuesday; late Tuesday he referred them to Air Force press operations.

The incident is hardly the first time user error has left military data exposed to hackers. Last year, an employee of Booz Allen Hamilton, one of the nation’s top intelligence and defense contractors, accidentally left a cache of 60,000 sensitive files on a publicly accessible Amazon server, including passwords to a US government system containing sensitive information and the security credentials of a lead senior engineer at Booz Allen Hamilton. What’s more, the roughly 28GB of data contained at least a half dozen unencrypted passwords belonging to government contractors with Top Secret Facility Clearance.

Last month USA Really reported about the breach that occurred in January and February of this year, when hackers infiltrated the computers of a company working on a submarine-based missile known as Sea Dragon as well as other underwater program contracts and accessed 614 gigabytes of classified technological information.